By Roy Urrico
Finopotamus aims to highlight white papers, surveys, analyses, new items and reports that provide a glimpse as to what could, or potentially impact credit unions and other organizations in the financial services industry.
A roundup of some recent information security items reveals data breaches are up so far in 2022, and two recent cybersecurity threats highlight the dangers employees and former employees present to many organizations.
Data Breaches Off to a Fast Start
The El Cajon, Calif.-based Identity Theft Resource Center (ITRC) reported year-over-year results that indicate a fast start to data breaches in the first quarter of 2022, following a record-setting 2021. More than 90% of data breaches in the quarter are cyberattack related.
According to the ITRC data breach analysis, the 404 publicly-reported data compromises in the U.S. during this year’s first quarter represent a 14% increase compared to same period of 2021. However, despite the breach increase, the number of victims (20.7 million) decreased 50% in quarter one, 2022, and dropped 41% compared to quarter four, 2021. The financial services, healthcare, manufacturing and utilities, and professional services sectors had the most compromises in the first quarter of 2022.
“Traditionally, Q1 is the lowest number of data compromises reported each year,” said Eva Velasquez, President and CEO of the ITRC. “The fact the number of breach events in Q1 represents a double-digit increase over the same time last year is another indicator that data compromises will continue to rise in 2022 after setting a new all-time high in 2021.” Velasquez recommended that it is vital that businesses and consumers continues to practice good cyberhygiene to help reduce the amount of personal information flowing into the hands of cyberthieves.
A Chip Off of Block
San Francisco-based Block (formerly known as Square) confirmed a data breach occurred when a former employee accessed and downloaded reports from Cash App, a mobile payment service developed by Block allowing users to transfer money containing customer information. Block did not reveal the number of Cash App customers impacted but said it was contacting approximately 8.2 million current and former customers about the incident.
In a filing with the Securities and Exchange Commission (SEC) on April 4, 2022, Block said the insider accessed the reports on December 10, 2021. “While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” the filing read.
Andrew Hollister, deputy chief information security officer and vice president, labs, at the Boulder, Colo. risk protection firm LogRhythm, said, “Insider threats are especially dangerous due to the level of accessibility and the knowledge around IT systems housing valuable data.” Hollister added, “While it is unknown why the former employee still had access to these functions after their employment ended, it has been reported that the information accessed includes full names, brokerage account numbers, brokerage portfolio value, brokerage portfolio holdings and stock trading activity.”
Hollister pointed out, companies operating applications like Cash App that house limitless amounts of valuable and personally identifiable information (PII) must evaluate and address the risk of compromise by current or former employees. “Whilst the motives of the individual are not known at this point, background checks are an important part of the overall strategy where employees have regular access to such significant quantities of sensitive information.”
Furthermore, Hollister suggested it is crucial to establish a robust onboarding and offboarding process for employees in managing this risk. “Prioritizing an integrated approach where the act of terminating an individual’s employment in the human resources system automatically triggers the removal of access across all systems and applications, followed by validation checks, will help ensure that customer, employee and company data alike remain protected and in the right hands.”
Preventing BitB Bites
In mid-March, an Information security researcher exposed a different phishing technique called browser-in-the-browser (BitB) attacking, which takes advantage of embedded third-party single sign-on options —such as those using Google, Facebook, Apple or Microsoft — for authentication. The fake browser instead steals organizational login credentials.
BitB attacks act as an extension to existing clickjacking ploys, which spoof legitimate domains to bypass security controls. With this technique, scammers create entirely fabricated popup windows to trick users. “Very few people would notice the slight differences between the two,” according to the article from “mr.d0x,” the infosec exposer.
Julia O’Toole, CEO and founder of MyCena Security Solutions, which specializes in credentials security for many industries including banking, finance and insurance, offered some insight into the threat. “Organizations should remove the danger that these BitB phishing attacks present by ensuring that employees can no longer create, view or type passwords to access the company files, apps and systems. This amounts to taking back access control and removing the risks of human error from the network access process.
To the untrained eye, which is likely most workers, these types of phishing attacks are dangerous yet impossible to spot, O’Toole added. “All it takes is for one unsuspecting employee to make a mistake and it compromises the entire network.”
She warned, “Attacks like these are not for quick cash payouts. Actors will sit inside your system and wait to cause the most damage. All the while, the user continues working without realizing they’ve unwittingly given their credentials away.”
O’Toole noted this type of attack also took place in 2020 when cybercriminals used similar BitB techniques on the video game digital distribution service Steam to gain access to consumer credentials.
“While this may cause damage to individuals, what we’re seeing now is a more aggressive assault on an organizational level,” O’Toole said. She explained, “Password managers and single sign-on tools may provide a surface layer of convenience for users, but in the event of a breach also offer their company’s keys to the kingdom on a silver platter. Instead, access segmentation and encrypted passwords distribution is a more effective solution that completely removes the potential threat of human error or fraud from the equation and safeguards access integrity.”